feel free to email me at

iptables MASQUERADE vs SNAT - mistery of netfilter.

Both MASQUERADE and SNAT modify a source address of a packet.

SNAT uses an address from --to-source option. MASQUERADE uses an address of outgoing interface to which a packet is routed. So if an address of the interface changes you do not need to modify rules. But MASQUERADE is a bit slower.

Also with SNAT you could specify more then one address and use them in a simple round-robin.

Look at *_target functions of ip_nat_rule.c and ipt_MASQUERADE.c in net/ipv4/netfilter folder. They differs only slightly.